diff --git a/bookstack/docker-compose.yml b/bookstack/docker-compose.yml
index e5289fc..e40a17b 100644
--- a/bookstack/docker-compose.yml
+++ b/bookstack/docker-compose.yml
@@ -2,93 +2,9 @@
 version: "2"
 services:
   app:
-    image: lscr.io/linuxserver/bookstack:latest
-    environment:
-      PUID: 1000
-      PGID: 1000
-      APP_URL: https://bookstack.sectorq.eu
-      DB_HOST: db
-      DB_PORT: 3306
-      DB_USER: bookstack
-      DB_PASS: l4c1j4yd33Du5lo
-      DB_DATABASE: bookstackapp
-      # # Set authentication method to be saml2
-      # AUTH_METHOD: saml2
-      # # Control if BookStack automatically initiates login via your SAML system if it's the only authentication method.
-      # # Prevents the need for the user to click the "Login with x" button on the login page.
-      # # Setting this to true enables auto-initiation.
-      # AUTH_AUTO_INITIATE: false
-      # # Set the display name to be shown on the login button.
-      # # (Login with <name>)
-      # SAML2_NAME: authentik
-      # # Name of the attribute which provides the user's email address
-      # SAML2_EMAIL_ATTRIBUTE: email
-      # # Name of the attribute to use as an ID for the SAML user.
-      # SAML2_EXTERNAL_ID_ATTRIBUTE: uid
-      # # Enable SAML group sync.
-      # SAML2_USER_TO_GROUPS: true
-      # # Set the attribute from which BookStack will read groups names from.
-      # # You will need to rename your roles in Bookstack to match your groups in authentik.
-      # SAML2_GROUP_ATTRIBUTE: http://schemas.xmlsoap.org/claims/Group
-      # # Name of the attribute(s) to use for the user's display name
-      # # Can have multiple attributes listed, separated with a '|' in which
-      # # case those values will be joined with a space.
-      # # Example: SAML2_DISPLAY_NAME_ATTRIBUTES=firstName|lastName
-      # # Defaults to the ID value if not found.
-      # ######SAML2_DISPLAY_NAME_ATTRIBUTES: http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname
-      # SAML2_DISPLAY_NAME_ATTRIBUTES: username
-
-      # # Identity Provider entityID URL
-      # SAML2_IDP_ENTITYID: https://auth.sectorq.eu/api/v3/providers/saml/10/metadata/?download
-      
-      # # Auto-load metadata from the IDP
-      # # Setting this to true negates the need to specify the next three options
-      # SAML2_AUTOLOAD_METADATA: true
-
-
-      # Set OIDC to be the authentication method
-      AUTH_METHOD: oidc
-      #AUTH_METHOD: standard 
-      # Control if BookStack automatically initiates login via your OIDC system 
-      # if it's the only authentication method. Prevents the need for the
-      # user to click the "Login with x" button on the login page.
-      # Setting this to true enables auto-initiation.
-      AUTH_AUTO_INITIATE: true
-      
-      # Set the display name to be shown on the login button.
-      # (Login with <name>)
-      OIDC_NAME: SSO
-      
-      # Name of the claims(s) to use for the user's display name.
-      # Can have multiple attributes listed, separated with a '|' in which 
-      # case those values will be joined with a space.
-      # Example: OIDC_DISPLAY_NAME_CLAIMS=given_name|family_name
-      OIDC_DISPLAY_NAME_CLAIMS: name
-      
-      # OAuth Client ID to access the identity provider
-      OIDC_CLIENT_ID: GCPj547vTmEpmsCM8jkuR222SS31yZMdp7oAU82U
-      
-      # OAuth Client Secret to access the identity provider
-      OIDC_CLIENT_SECRET: Nador7SOdsYgfNhRwbeRKLNPkPiASBAlTnKVi294xbOz8MM3e2RlzAaWQsQNZmBtLLZVifb1TG3OpKrVXeeW3Vu8HmJuvy8GwSAT2r0pP0241tDdEShq7UkP9G5Esdt8
-      
-      # Issuer URL
-      # Must start with 'https://'
-      OIDC_ISSUER: https://auth.sectorq.eu/application/o/bookstack/
-      
-      # The "end session" (RP-initiated logout) URL to call during BookStack logout.
-      # By default this is false which disables RP-initiated logout.
-      # Setting to "true" will enable logout if found as supported by auto-discovery.
-      # Otherwise, this can be set as a specific URL endpoint.
-      OIDC_END_SESSION_ENDPOINT: false
-      
-      # Enable auto-discovery of endpoints and token keys.
-      # As per the standard, expects the service to serve a 
-      # `<issuer>/.well-known/openid-configuration` endpoint.
-      OIDC_ISSUER_DISCOVER: true
-      
-
-
-      
+    image: ${DOCKER_REGISTRY:-}lscr.io/linuxserver/bookstack:latest
+    env_file:
+      - stack.env
     volumes:
       - /share/docker_data/bookstack/bookstack_app_data:/config
     ports:
@@ -111,16 +27,12 @@ services:
       # homepage.widget.key: ddfc91b29920082636da70cc677aec74c88a7666
       # homepage.widget.version: 2
   db:
-    image: lscr.io/linuxserver/mariadb
+    image: ${DOCKER_REGISTRY:-}lscr.io/linuxserver/mariadb
     environment:
       PUID: 0
       PGID: 0
-      MYSQL_ROOT_PASSWORD: l4c1j4yd33Du5lo
-      TZ: Europe/Bratislava
-      MYSQL_DATABASE: bookstackapp
-      MYSQL_USER: bookstack
-      MYSQL_PASSWORD: l4c1j4yd33Du5lo
-    
+    env_file:
+      - stack.env
     volumes:
       - /share/docker_data/bookstack/bookstack_db_data:/config
     restart: always